26 matches found
EUVD-2023-0769
Malicious code in bioql PyPI...
EUVD-2023-0622
Malicious code in bioql PyPI...
CVE-2023-23625
go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout paramete...
CVE-2023-23631
github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go-codec-dagpb's implementation of protobuf to enable pathing. In versions priot to 1.5.2 trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an...
GO-2023-1559 Denial of service via HAMT decoding panic in github.com/ipfs/go-unixfsnode
Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by a bogus fanout parameter in the HAMT directory nodes. There are no known workarounds users are advised to...
GO-2023-1557 Denial of service via HAMT decoding panic in github.com/ipfs/go-unixfs
Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus "fanout" parameter in the HAMT directory nodes. A workaround is to not feed untrusted user data to th...
Denial Of Service (DoS)
github.com/ipfs/go-unixfs is vulnerable to Denial Of Service DoS. The vulnerability exists because hamt.go doesn't properly handle malformed HAMT structures while reading data in the bogus fanout parameter in the HAMT directory nodes, which leads to memory leaks, allowing an attacker to cause an...
Denial of service via HAMT Decoding Panics
Impact Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout parameter in the HAMT directory nodes. This include checks returned in ipfs/go-bitfield...
GHSA-Q264-W97Q-Q778 Denial of service via HAMT Decoding Panics
Impact Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout parameter in the HAMT directory nodes. This include checks returned in ipfs/go-bitfield...
IPFS go-unixfsnode subject to DOS via HAMT Decoding Panics
Impact Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by a bogus fanout parameter in the HAMT directory nodes. This includes checks returned in...
GHSA-4GJ3-6R43-3WFC IPFS go-unixfsnode subject to DOS via HAMT Decoding Panics
Impact Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by a bogus fanout parameter in the HAMT directory nodes. This includes checks returned in...
CVE-2023-23625
go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout paramete...
Design/Logic Flaw
go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout paramete...
Design/Logic Flaw
github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go-codec-dagpb's implementation of protobuf to enable pathing. In versions priot to 1.5.2 trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an...
CVE-2023-23625 Denial of service in HAMT Decoding in go-unixfs
go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout paramete...
CVE-2023-23625 Denial of service in HAMT Decoding in go-unixfs
go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout paramete...
CVE-2023-23625 Denial of service in HAMT Decoding in go-unixfs
go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout paramete...
CVE-2023-23625
CVE-2023-23625 affects go-unixfs, an implementation atop ipld merkledag. A malformed HAMT sharded directory with a bogus fanout parameter can trigger panics and virtual memory leaks when decoding untrusted input. Affected version is prior to 0.4.3; upgrade to 0.4.3 or apply safe decoding practice...
CVE-2023-23631 HAMT Decoding Panics in github.com/ipfs/go-unixfsnode
github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go-codec-dagpb's implementation of protobuf to enable pathing. In versions priot to 1.5.2 trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an...
CVE-2023-23631
The CVE-2023-23631 entry affects github.com/ipfs/go-unixfsnode, an ADL IPLD prime node that wraps go-codec-dagpb protobuf to enable pathing. The root cause is a bogus fanout parameter in HAMT directory nodes, and reading malformed HAMT sharded directories can trigger panics and virtual memory lea...